Fundamental Study Strong categorical datatypes II: A …peter/cockett2.pdf · Fundamental Study Strong categorical ... Dwight Spencer b a Department of Computer Science, University

Theoretical Computer Science

ELSEVIER Theoretical Computer Science 139 (1995) 69-113

Fundamental Study Strong categorical datatypes II:

A term logic for categorical programming

J. Robin B. Cockett"'*, Dwight Spencer b a Department of Computer Science, University of Calgary, Calgary, Alberta T2N 1N4, Canada

b Department of Computer Science and Engineering, Oregon Graduate Institute, Portland, OR 97291, USA

Received September 1992; revised March 1994 Communicated by M. Nivat

Abstract

This paper lifts earlier category-theoretic results on datatypes to the level of an abstract language suitable for categorical programming language implementation. The earlier work built a strongly normalizing categorical combinator reduction system based entirely on fun- ctorial strength which allows the distribution of context to the interior of datatypes.

Here we declare inductive (initial) and coinductive (final) datatypes in a Hagino-Wraith style to provide an expressive computing environment. An inductive (resp. coinductive) datatype consists of a strong type-forming functor accompanied by (1) a collection of constructors (resp. destructors) and (2) a fold (resp. unfold) which is parametrized by state transformations to realize the appropriate universal property.

The high complexity of programming exclusively in categorical notation (combinators) warrants the development of a friendlier language isomorphic to the distributive categorical setting. In this paper such a term logic, which is also the programming language of the charity programming system, is described. This logic is first-order and is dictated directly by the underlying categorical semantics. It embodies primitive inductive and coinductive principles which reflect the uniqueness properties of the fold and unfold combinators. Several basic progam equivalences are demonstrated to illustrate how these inductive and coinductive principles can be used.

1. Introduction

In Par t I I-3] a first-order categorical setting was developed in which initial and final categorical data types with reasonable computa t ional properties could be built. There the not ion of strength was used to capture an impor tan t aspect of higher-order settings in a first-order manner: that all definable datatypes should allow the

* Corresponding author. Email addresses: [email protected] and [email protected].

0304-3975/95/$09.50 © 1995--Elsevier Science B.V. All rights reserved SSDI 3 0 4 - 3 9 7 5 ( 9 4 ) 0 0 0 9 9 - 5

70 J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995) 69-113

distribution of contextual data uniformly throughout their structure. This distribution is carried out by a parametrized family (natural transformation) of "explicit strength" morphisms that uniquely accompany each defined functor. These functors and their datatypes are deemed "strong" because of the well-known correspondence of explicit strengths to the enrichment structure of strong functors over a closed symmetric monoidal category [10-].

In this paper we introduce a term logic for these strong datatypes to provide a logical view of the underlying categorical ideas. The resulting logic has a different perspective on induction as the inference rules are based on the uniqueness of the fold combinator rather than the principle of structural induction. In first-order logics, unlike higher-order logics, structural induction does not automatically guarantee the existence of fold terms, although their uniqueness can be derived when they are present. Here the primitive inductive principle of fold uniqueness axiomatically generates fold terms. The ability to generate fold terms is in harmony with the requirements of programming.

Furthermore, this primitive style of axiomatization can be applied equally well to coinductive datatypes via the uniqueness of the unfold combinator. Consequently, the term logic allows reasoning about datatypes such as streams and lazy trees in a first-order manner. This should be compared to the coinductive principles proposed in [15, 14] which involve bisimulation and higher-order constructions.

The term logic can be used as a template for building categorically based languages or directly as a programming language. The programming language charity is based upon this term logic. Charity underlines the widely recognized importance of the fold and unfold combinators (see [9, 13]) by enforcing their exclusive use and thereby introduces a new and disciplined style of programming. We motivate the development by including charity examples of elementary programs using common datatypes.

1.1. Datatypes

We recall from Part I that a categorical setting can be built for strong initial and final datatypes by selecting a category with finite products and successively adding to it combinators for each datatype as it is adjoined. The adjoining is accomplished by datatype declaration; the two declarative formats used by Charity [2] are shown below:

data L(A) ~ C

=cl :El(A, C)--*C

data C ~R(A)

=dl : C ~EI(A, C)

. . . I . . .

[c,: En(A, C)---,C. Idn: C---,E,(A, C).

J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995) 69-113 71

These forms of definition were introduced by Hagino [5]. The factorizer versions of the Hagino "left" (L(A) appears as a domain) and "right" (R(A) appears as a codomain) forms of datatype declaration have been reworked in a style similar to that suggested by Wraith [20]. Wraith's technique also allowed the translation of the resulting combinator rewritings into the polymorphic lambda calculus thereby pas- sing along to the theory the calculus' strong normalization property.

The "left" declaration delivers a strong initial datatype-forming functor L in which L(A) is a structure with parametric data of type A. L is strong because it arrives paired with a natural transformation

O~,x" L(A) × X ~L(A × X)

- a strength - that distributes the environment or context X throughout the structure of L(A). This allows the context to be accessible for processing by actions on parametric data in the structure. L(A) is built from its component structures El(A, L(A)) by canonical constructors labeled "ci" where ci:Ei(A, L(A))~L(A). Im- portantly, L(A) is the categorical coproduct of the Ei(A, L(A)) via the cg.

The "left" declaration asserts that any map from the new type L(A) to a type C is to be determined uniquely by a set of n programmer-chosen maps from EdA, C) to C. In this way, a new map that operates on L(A) data structures, called a fold factorizer, becomes available by specifying what may be usefully thought of as n state transformations. These state transformations supply recursive behavorial actions for the fold factorizer to perform on components of an initial data structure.

The "right" declaration acts dually to also provide a type-forming functor possessing a strength. Here a set of canonical destructors di:R(A)~Ei(A, L(A)) are spawned whereby R(A) is the categorical product (or a record) of the Ei(A, L(A)). A destructor's role is to project the corresponding component (or field). The "right" declaration dictates that maps to the type R(A) from a type C are to be determined uniquely by a collection of programmer-chosen state expansions from C to Ei(A,C). Such an R data structure-producing program is called an unfold factorizer.

The labels c~ and di name only the canonical operations and should not be confused with the programmer-chosen maps. These constructors and destructors are always associated with their respective datatypes and are in one-to-one correspondence with the programmer-chosen maps used for building each factorizer.

The parametric data A will usually range over a power of the given datatype category. We have avoided writing a tuple of variables by viewing it as ranging over an arbitrary category.

In Fig. 1 we provide examples of common datatypes. Database trees, DBtree, include node data and leaf data of different structure. Lists and colists are, respectively, the least and greatest solutions to the same domain equations as are the datatypes NElist/coNElist (nonempty lists) and NEtree/coNEtree (nonempty trees). These codatatypes include the infinite structures as well as the finite structures. In contrast, infinite lists, Inflist, and infinite binary trees, lnftree, do not have any corresponding inductive datatype and are forced to have infinitary structure.

72 J . R . B . C o c k e t t , D. S p e n c e r / T h e o r e t i c a l C o m p u t e r Sc i ence 139 ( 1 9 9 5 ) 6 9 - 1 1 3

Booleans Natural Numbers Finite Lists

d a t a B o o ] ---} C d a t a Nat ~ C d a t a L i s t ( A ) ---+ C

= t r u e : l - - - + C = z e r o : l - - - + C = n / / : l - - - + C

[ f a l s e : l - - - - - - + C . [ succ:C-- - - - -+C. I c o n s : A x C - - - + C .

Fini te B inary Trees Infinite B inary Trees Infinite Lists

d a t a Btree(A) ---+ C d a t a C ----+ Ir f f t ree(A) d a t a C ~ In/~st(A)

= b lea f :A- - - - - -+C = n o d e : C - - - - + A = h e a d : C - - - - - + A

[ b n o d e : C x C - - - - + C . [ f o r k : C - - - - + ( C x C ) . [ t a i l : C - - - ~ C .

F i n i t e D a t a b a s e Trees

d a t a DBtree(A, B) ----r C

= db lea f : A -----+ C

[ d b n o d e : B x ( C × C ) ------.r C .

N o n - e m p t y Trees

d a t a NEtree(A) ---+ C

= ne lea f : A ~ C

[ n e b r a n c h : A x ( C x C ) - - - - - + C .

N o n - e m p t y Lists

d a t a NElist(A) ~ C

= neun i t : A ------+ C

I n e c o n s : A x C - - - - - + C .

CoLists Co-Non-empty Trees Co-Non-empty Lists

d a t a C -----4 coNEtree(A) d a t a C -----+ coNElist(A) d a t a C ---+ c o L i s t ( A )

= nenode : C -----+ A = nehead : C ---+ A = s p l i t : C - - - + l + A x C .

I n e f o r k : C - - - + l + ( C×C). I n e t a i l : C - - - - + l + C .

Fig. 1. D a t a t y p e defini t ions.

1.2. Inductive programs

As an illustration of programming with inductive datatypes, consider the charity declaration of database trees above. This datatype's parametric data are held by the type variables A and B. The leaves have values of type A and the internal nodes have values of type B.

The component types of the database trees declaration can be unraveled as follows to see their structure as functors:

E~ ((A, B), DBtree(A, B)) = Fst(Fst(((A, B), DBtree(A, B)))) = A

and


E2((A, B), DBtree(A, B))

= Prod(Snd(Fst(((A, B), DBtree(A, B)))), Diag(Snd(((A, B), DBtree(A, B))))

= B x (DBtree(A, B) x DBtree(A, B)),

where Fst, Snd, Prod, and Diag are the basic strong functors of projections, product and diagonalization.

We preview the term logic with a sample charity program. The progam accepts database trees with natural number leaves and boolean internal nodes, and computes the sum of all leaves of the tree t that are residing within a subtree not rooted by a boolean equal to false:

def leaf_sum(t) = {I dbleaf: v ~ v

I dbnode: (b,(s 1, s2)) ~ {true ~ s 1 + s2

Ifalse ~ 0

}(b) l}(t)

An example datum of the DBtree(Nat, Bool) data structure is

dbnode (true

,(dbnode(false

,(dbnode (true

,(dbleaf(3)

,(dbleaf(2)))

,dbnode (true

,dbleaf(5)

,dbleaf(0)))))

,dbnode(true

,(dbleaf(7)

,dbleaf(9)))).

In the program we presume previous declarations of the natural numbers, booleans, and definitions of basic functions such as ' + ' . The subprogram identified by the label "leaf:" processes only leaf substructures and does so by simply extracting the leaf's

74 J.R.B. Cockett , D. Spencer / Theoretical Computer Science 139 (1995) 69 113

A-value to form a partial result. The second subprogram, labeled by "nodo:", processes nodes by cases: if the node's boolean value is t rue the next partial result is computed by adding the partial results of the node's left and right subtrees contained in the result variables s l and s2; otherwise, the partial result is zero. The code body between the pair of decorated braces {[... [} is inductively driven by the structure of the tree t starting from the leaves. The conditional delimited by the {... } braces is a case analysis applied to the boolean argument b.

The earlier work [3] showed the fold factorizer morphism representing a program over an inductive datatype L(A) to be the unique morph i smfo ld L {hs} that must exist to make the collection of initiality diagrams below - one per constructor c i - commute for any collection hs = h i ... . . h, of morphisms:

Ei(A, L(A)) x X c.× idx , L(A) x X

Ei(A, L(A) x X ) x X foldL{hs} ,,

Ei(A,fold L {hs} ) x id~ t

Ei(A, C) x X h, ' C

The programmer's code specifies the action of the fold by supplying the state transformations hi which may access context data of type X on the simpler component datatypes. Thus, the processing of a substructure ci(_) by the right downward arrow is accomplished by going down the left arrows to distribute the context into the substructure and then process the substructure with contained context by applying the bottom transformation hv The inductive nature of the factorizer is exhibited by its appearance within the arrows on the left.

With these diagrams in mind, the reader may notice that context played no role in our first code example. The role of context can be illustrated by modifying that code to include an "access cost" overhead. For example, a leaf position may cost an extra x l and a node position an extra x2 to access:

def leaY~u.tn(t, x l , x2) =

{ I lea$., v = ~ v + x l

Inode: (b, t l , t 2 ~ { t r u e ~ ( t l + t a ) + x 2

[false ~ 0

}(b) J } (t)

The computation is again driven by the inductive structure of t: the auxiliary data in the contextual variables x l and x2 are now available everywhere within the program and in particular have been used t o modify the transformations of the fold.


As the initiality diagrams completely define the datatype, L(A) is an initial datatype. From them the general "recursive domain equation" for these initial datatypes.

L(A) ~ E1 (A,(L(A) ) + E2(A, tL(A) ) + . . . + En(A, L(A) )

can be derived. A special version of the initiality diagram defines the arrow component of the

functor L, i.e. if f : A ~ B is a morphism between parameter datatypes, then L ( f ) : L ( A ) - - , L ( B ) is definable as a fold factorizer by a careful selection of the hi's (see Proposition 2.4). L ( f ) in turn can be used to construct another important fold factorizer called the map factorizer of f, which is denoted mapL(f). It inductively performs the action of f on each parametric datum - with context present - of the structure to produce a result of the same structure. Categorically, mapL(f) can be thought of as the composition of (1) L's strength for diffusing the context into the structure and (2) the functoring of f t o operate uniformly on the data-with-context, i.e. mapL(f) = oL; L(f ) : L(A) x X ~ L(B).

Another fold factorizer, the case factorizer denoted as case L, carries out a single operation via case analysis on an initial data structure to produce a result. The example node: subprogram illustrated this construct.

L's explicit strength O ~ , x : L ( A )×X-*L(A x X) is also a fold factorizer and is therefore uniquely determined. The mysterious 0~' above is an abbreviation for an unstated morphism composition involving 0 e' in which context is distributed only into the recursively defined parts of component structures.

The fold factorizer with its various specializations (case L, map L) can be used to provide a reasonable tool-kit for programming. They operate in the same manner as the like-named functions employed within conventional functional programming.

The rewriting rules for program evaluation can be extracted from the initiality diagrams of the specialized factorizers. The two possible paths in each diagram form the sides of the rule, with the rewriting direction towards the path involving the less complex component datatypes. The reductions (with some simplification) are:

c, x idx; fold z {hi ..... hn} ~ (map E' (Po, fold L {hi ..... h~} }, p l ) ; h,

c i x id x ; caseL { h l ..... hn } ~ hi

ci x idx; map L { f l ..... fro} ~ m a p e' {(fl . . . . . f,n), map L {fl ..... fro} }; ci.

1.3. Co-inductive programs

While an inductive datatype typically serves to drive a program to process component-by-component the structure's basic data, a coinductive data structure is a result built starting from some seed datum. The coinductive components are independently constructed from the single seed by parallel subprograms.


The coinductive declaration delivers the finality diagrams below that make the functor R together with its destructors a final datatypes:

C x X <o~,p,> E~(A, C) x X

unfold"{(Js} Ei(A, C x X )

Eda, unfold" {Os}l

R(A) ~ , E i (A ,R(A))

The diagrams express the programming requirements for producing a R(A)-typed result from a seed data value of type C in the presence of context X. The program unfold R {gs} is determined by the subprogram 9s = 91 ..... g,. These finality diagrams imply that R(A) is isomorphic to the product of its component datatypes Ei(A, R(A)) (see [3]):

R(A) ~- E, (A, (R(A)) × E2(A, (R(A)) x ... x E.(A, R(A))

i.e. R(A) can be regarded as a record and the destructors di act as field extractors. As an example, consider the declaration below of binary search tress: Srtree(A, B).

They are tree structures - possibly infinitary - having internal modes of datatype A and leaves of datatype B:

data C -~ Srtree(A, B) = srroot: C ~ A

I srbranch: C ~ B + (C × C).

The A-typed data occupies the internal nodes because the record pairs an A-value with either a single B-leaf or two search tree branches. The two destructors provided by the declaration have the respective typings

srroot : R ( A ) ~ A

srbraneh: R(A) --* B + (R(A) × R(A)) .

Below is a finite search tree example with boolean internal nodes and natural number leaves structured as a recursive record:

(srroot: true,

srbranch: bl((srroot: false

,srbranch: bl((srroot: false

,srbranch: b0(7))

,(srroot: t rue

,srbranch: b0(5))))

,(srroot: t rue

,srbraneh: b0(3))))


The bO and b l are the constructors of the sum datatype forming the codomain of srbranch.

With this example we again see the possibility of recursive definition, this time within a field. Here the srbraneh: field contains either a basic datum of type B or recursively the same datatype within a product of two of its record structures. At the outermost level the record structure appears finitely as two fields labeled srroot: and srbraneh: that tie a subtree root datum to its branches. Yet, internal to the srbraneh: field an eventual infinitary structure may be implied by its specific subprogram if that subprogram builds the field in an open-ended recursive way. The disjoint sum forming the codomain of s rbranch represents a choice at an internal node between selecting a terminating B-leaf value or continuing further a recursive construction of the srbranch: field. This implies that the infinitary subprogams must be invoked as- needed, or lazily, to produce only enough of a record sufficient for the computation at hand.

A sample program producing search trees with boolean nodes and natural number leaves is offered below. The assumed predicate divides is the usual number-theoretic one: vl[v2. The ([...[) brackets delimit the program that is applied to the natural number n in the presence of the context x. The two subprograms that build the structure are srroot: and srbranch:. Notice that the resulting structure can be either finite or infinite depending on the values of n and x.

def d_iv_tree(n, x) =

(Iv ~ srroot: divides(v, x)

[ srbranch: {true ~ bO(v)

[false ~ b l ( v - - 1, v + 1)

}(divides(v, 2x)) I)(n)

In the same manner as for initial datatypes, a final datatype R(A)'s unique explicit strength O~,x:R(A) x X - - , R ( A x X ) is an unfold factorizer. Likewise, additional specializations of unfold factorizers are provided for programming convenience, viz. the record factorizer and the map factorizer.

The rewrite rules for computing with final datatypes are derived directly from the finality diagrams and appear below:

unf oldR { 91 ..... 9.} ;di =¢" (ai, P l ) ;mape' { Po, unf oldR { 91 ..... 9,,} }

recordR {9a ..... 9,} ; d i ~ 9i

map" { f l ..... fm};d~ ~ d, x idx ;map e,{( f l ..... %,), map" {fl ..... f.,} }-

The standard set of product rewriting rules combined with the new rules accumu- lated by any finite set of datatype declarations form a confluent and terminating reduction system for evaluating programs that compute with the declared datatypes.

78 J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995) 69 113

Also, the recursive nature of these rules motivates their corresponding initiality/ finality diagrams being called recursion diagrams.

1.4. Outline

Section 2 introduces the term logic and discusses some of its basic properties. The design of the logic was motivated by its use as the programming language of charity. This logic has several novel features, notably the use of variable bases to provide a rudimentary level of pattern matching. As each inference rule is introduced we show its specialization to two specific datatypes. These datatype inference rules constitute the primitive induction and coinduction principles of this logic.

In Section 3 we illustrate how these rules can be used to establish some simple program equivalences. The proofs include the underlying categorical diagrams to illustrate the interplay between the term logic and the categorical combinators.

We describe in Section 4 how to establish the equivalence between the term logic and the underlying category theory. There are various ways of establishing this: we choose the brute force method by providing a pair of translations going in opposite directions and proving each is consistent and inverse to the other.

We have not included complete proofs. Many of the proofs proceed by a lengthy structural induction whose details are fascinating as exercises but numbing to the reader. The critical work lies in the setting up of the logics and translations; this we have presented in reasonable detail.

We present our concluding observations in Section 5.

2. Term logic

Coding solely with categorical combinators is an intimidating and unintuitive style of programming: raw combinators are overly detailed. This section develops a higher- level programming language as a term logic. The term logic eliminates the plenitude of projections occurring within combinator expressions: projections tend to proliferate as they are instrumental in the distribution of the context to the inside of datatypes. In Section 4 we show how the term logic corresponds exactly to the underlying distributive categorical structures.

We proceed by augmenting a "seed" finite product theory, corresponding to a category with finite products, with terms and rules that reflect the processing made available by the declaration of a sequence of strong datatypes. The term logic development generalizes the development for distributive categories in I-1].

The term logic has been designed as a programming language. It is a foundation to which strong datatypes can be easily adjoined, and it can be translated or compiled into categorical combinators. It will emerge from the forthcoming definitions that the unit of translation is a term t in a context v. This is represented by a binding construct {v~--~t} called an abstraction. This construct differs from 2-abstraction both superficially


by permitting pattern matching on products and semantically as it is not itself a term of the logic.

2.1. Finite product theories

A specification of a finite product (or many-sorted) theory, ~ = (T, F, S, E), consists of a set T of primitive types, a set F of function symbols, a signature map S:F ~ f f×, x (T) x if×, 1 (T), and a set E of equations between closed abstractions. The signature map S provides for each function symbol the domain and codomain types as free words on the primitive types. The full theory can then be generated by the following rules:

Types The collection of types, ~×,~(T), for the cartesian theory is defined inductively

starting from the primitive types. (i) if z e T t h e n z is a type.

(ii) 1 is a type. (iii) If Zo and zx are types then Zo x z~ is a type.

Variables and variable bases With every type ~ there is assumed to be a countable collection of variables:

V ~1(1 ) 11( 2 ) 19(3) 17(i)

For clarity, the superscripting will be omitted and the typing abbreviated, with both being inferable from discussion context. So vi will typically mean v~ ° for some infered type z.

In addition to isolated variables, variable bases are provided as a programming convenience to carry out two tasks: (1) to bind more than one distinct variable at one time within a single expression and (2) to provide direct binding access (i.e. avoiding use of projections) to the components of data. These tasks are usually treated as part of the pattern matching process in functional languages.

Variable bases with their type associations are defined as follows. (i) () is variable base of type 1.

(ii) A variable v~ is a variable base of type z. (iii) If Vo and vl are variables bases of type Zo and zl, respectively, having no

variables in common then (Vo, vx) is a variable base of type Zo x zl.

Terms The variables, function symbols, and projections for product types are available for

building terms. The inductive definition of terms and their associated types are given below.

(i) () is a term of type 1. (ii) A variable v~ is a term of type z.


(iii) If to and tl are terms of type Zo and zl, respectively, then (to, tl) is a term of type ~0 X "~1"

(iv) If t is a term of the product type Zo x zl then po(t) is a term of type Zo and pl (t) is a term of type zl.

(v) If f is any function symbol o f F with S(f )=(T, ~'), i.e. with domain of type z and codomain of type z', and t is a term of type z, then f(t) is a term of type z'.

(vi) If t is a term of type z, t' a term of type z', and v a variable base of type z' then {vF-*t}(t') is a term of type ~.

It is worth remarking again that the abstraction {v~--~t} above is not a term of the logic as functions are not to be terms in this first-order setting.

Free variables Since we have a binding operator, viz. the abstraction, the terms have free and

bound variables. The free variables of terms are determined inductively by the following.

(i) fvas (()) = O. (ii) If v is a variable, thenfvars(v)= {v}.

(iii) fvars((to, t 1)) =fvars (to) wfvars (t 1). (iv) If f is any function symbol (including projection), then fvars(f(t))=fvars(t). (v) fvars( { v~--~ t } (t') ) =fvars(t')u(fvars(t)--fvars(v) ). If an abstraction {v~-+t'} occurs in a term t, the occurrence of a free variable in t'

that occurs also in v becomes bound. A variable occurrence not judged bound is free. We shall conventionally refer to a variable as being in a term when that variable occurs freely in the term. Bound variables will be treated as invisible variables which can be renamed without changing the meaning of the term.

While in general an abstraction may have free variables, the closed abstractions, i.e. those having no free variables, are important as they are the "programs" of this setting. We say v is a variable base for t in the case {v~--~t} is a closed abstraction.

Substitution With the definitions of terms and free variables, we can inductively define the

meaning of applying a simultaneous substitution to a term t'. We write the substitution as av:=t(t') where v is a variable base possessing the same type as the term t. The substitution involves matching the components of t to the variables of v in order to replace the occurrences of these variables in t'. The rules below describe precisely how this is done. Since variables may be substituted by terms containing variables, we hereafter assume for all substitution rules that renaming of bound variables, away from free variables is performed in parallel. The renaming prevents any variable clashes that would cause substituted free variables to be captured; doing it in parallel allows structurally inductive substitution proofs to be correctly built as demonstrated by Stoughton [183. The rules are the following.

(i) av:=,(()) =() . (ii) For each variable x.


(1) If x does not occur in v, then av:=,(x)=x, (2) if x = v then tr~:=,(x)=t, (3) if v=(Vo, Vl) and x occurs in vi, then av:=,(x)=a .... p,{o(x).

(iii) tr~:=,(to, tO=(av:=,(to), trv:=,(tl)). (iv) If f i s any function symbol , then av:=,(f(t'))=f(a~:=,(t')). (v) =

Rules (ii) and (v) use the fact that bound variables are renamed away from free variables. Not ice also that

o'o,, rr= (,o,,,)(x, y ) = (po(to, tl),pl (to, tl)

and differs substi tutively f rom

ax~_,o(trr~_,, (x, y)) = (to, tl)

due to the manne r in which the subst i tut ions is performed.

Axioms and inference rules A set of ax ioms and rules are used to construct a type-indexed family of equivalence

relat ions (=,) a m o n g closed abs t rac t ions having terms of the same type and variable bases of type z.

These relations are generated by the rules below. For brevity, to = ~ tl will be used to abbrevia te {v~-'~to} =~{v~--~tl}. • Equivalence of identities: For all variable bases v and v' of type z,

{v v}

• Unit

t is of type 1 v is a variable base for t t=o()

= ,

where tl and t2 must be of type z'.

• Projection

v is a variable base for po(to, tO po(to, tl) =v to

v is a variable base for po(to, tl) po( to, t l) =~ t l

• Application:

v is a variable base for {v'~--~t}(t') {v%*t}(t') =o~ro,:=c(t)

• Conoruence:

{v,F-~t,} --, {v2~-*t2) {v'l~-~tl} =~, {v'2~--~t'2}


The concept of composing programs can be expressed by the following definition where the types of Vl and to match:

{Vo~-*to} ; {vl~-*tl} - {Vo~--~{Vo~--~tl}(to) }.

Its well-definedness up to =z-equivalence is straightforwardly derivable from the congruence axiom.

The requirement of associativity up to equivalence then becomes

({VoW*to};{vlw-~tl}); {Vz~-*t2} = {Vo~-*to};({vl~-*tx};{v2~-*t2}).

where substitution is now forced by the composition rule to satisfy

This requirement is fulfilled as a corollary of the following elementary substitution property of the finite product theory.

l.~mma 2.1 (Associativity of substitution). Whenever {v2w-~t2} is a closed abstraction,

With associativity we can also quickly derive the following lemma.

Lemma 2.2 (Simultaneity of substitution composition). Whenever {v2~-*t2} is a closed abstraction,

cr,,, ~,o (~r,,~ = , , ( t~ ) ) =,,o a~o,. ~,~ . . . . . . . ~,,), , ,o)(t~).

Note that the identity axiom could be replaced by a rule for explicitly renaming variables or the principle of extensionality,

{v, ~ , {v~t2} (vx) } =~ {v~,-,t~}. Furthermore, the surjective pairing identity

(po(t),pl(t)) =~t

is a consequence of the properties of substitution, making the type of t a finite product.

2.2. Inductive datatype declarations

Incrementing the theory by the declaration of a new inductive datatype

data L(A)--*C

=ca : El(A, C)--*C

, . .

Ic,: E,(A, C)--*C.

J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995) 69 113 83

delivers the machinery to form and reason about the new terms and types introduced. This section describes the addit ional type, term, and inference rules introduced by such a declaration. The newly declared data type must be built using types E~(A, L(A)), i = 1 . . . . . . n, for the domains of the constructors which can be formed from the earlier-declared datatypes and the basic type forming rules.

In the description below we take the parametr ic arity of the functor of the data type L to be m, i.e. A =(A1 , . . . , Am).

Types If r l ..... zm are types then L(zl ..... zm) is a type.

Variables and variable bases L(zl zm) has a countable collection v i of variables available each of ,' "", L(rl ..... "rm)

which by itself forms a variable base.

Terms (i) If t is a term of type Ei((zl , . . . ,~) , L(zl ..... z~)) then ci(t) is a term of type

L(zl ..... zm). (ii) If t is a term of type L(zl .... , zm), vi is a variable base of type Ei((zl ..... zm), z),

and each tl is a term of type z for i = 1 ,..., n then lcl:vl tl • . . )(t)

Cn " Vn ~ tn

is a term of type z, viz. fold factorizer applied to t. (iii) If t is a term of type L(Zl ..... z,), v~ is a variable base of type Ei((Zl ..... zm),

L(zl ..... zm)), and each t~ is a term of type z for i = 1 ..... n then

'CI (/)::F ill(/7 )

is a term of type z, viz. a case factorizer applied to t. (iv) If t is a term of type L(zl ..... zm), wi is a variable base of the parameter type zi,

and ti is a term of type z'i for i = 1 ..... m, then

Vwl ~--~tl l '

LW.~t.j is a term of type L(T'I ,..., z~,), viz. a map factorizer applied to t.

Each case/fold/map factorizer has a number of phrases each of which is an abstraction. These abstractions need not be closed and thereby permit the use of context variables in the abstracted term.


Free variables The free variable rules are extended in the expected way for fold, case, and map

factorizers: (i) fvars(ci(t) )=fvars(t).

(ii)

~c, :v l )~ ' t l~ 'c,(v,)t-~t,l(t) ) .

U c.:~.~,t. ~ c.(v.)~t.) (iii)

[w,~t, 1 , ~ . ,, fvars(L I ' /(t))=!, U (fvars({wi~-~ti})Jwfvars(t)

Lw.~t.] .,=, where fvars ( { w, ~ ti} =fvars (t,) - fvars (wi).

Substitution

(i) a~_t(ci(t')) = ci(a~_~(t')).

ICl:Vlb-"~tl lCl:Vl~'-~¢Tv::t(tl) (ii) a~:=t( . . . . (t')) . . . . (a~:=t(t'))

c. : v.~-'~ tn cn : v~-*a~:=t(t.)

'c,(va~t, (c,(v,)~.,~o::,(t,)) (iii) o',,~_ t( . . . . (t')) = t "" t (a":=t(t'))

c.(~.)~tn [ c.(v.),-,o~:=,(t.) ) [w,,-,t, l [w,,-,,~,,~_,(t,) l

(ivl ,,o:=,(L i ... i ( t ' ) ) = L i - LW.~ t . . ] LWm,--,,~o::,(t...)J

Axioms and inference rules: The =, relations are enlarged by the rules below. Each rule is accompanied by the

specific form for both finite lists, List(A), and database trees, DBtree(A, B), as declared in Fig. 1.

(i) Fold-from-L:

l[ ' [I (c ' ( t ) )= '~v ' ' - ' t ' } (E ' ... ~c,:v, ,_,t 4 (t)) ~c.:vn~--,t.~ wL~-,~ ... I(wD


List A: nil :() ~--~ tx cons : (VA, VC) ~ t2 (nil()) =v t l

~nil :()~--~ tl ~ . . . . . ~nil : ()~--~ tl . . I?tconsta, l))=~{(VA, Vc),~'*t2}(a, ljcons:(vA, vc)W_~t z (1))

cons : ~VA, Vc) ~-* t2 D

DBtrec (A , B):

~db lea f : V A ~ t a ~ . . . . . . . . , ,> tao ,eaI ta~! =v{va~*tl}(a)

d b n o d e : (vn, (Vc, Vc) ) ~ t2

~ db lea f : va ~---~ t , , d b n o d e : (VB, (Vc, VC)) ~-~ t2 (dbnode(b) , (t, t ' ) )) =~

{(VB,(Vc, V'C)) ~ t2} (b,({ ' } (t), {" } (t')))

(ii) Case-from-L:

cl(vl)~tl • . - ~ ( c , ( t ) ) = ~ {v,~t~}(t)

c . ( v . ) ~ t .

List A:

ni l () ~ (nil()) =~ tl t l cons(vA, VListtA)) ~ t2J

nil ]~ (cons (a, l) =o { (VA, VLis, CA)) ~ t2 } (a, l) ( ) t l

cons : (VA,/)List(A)) ~ t2)

D B t r e e ( A , B):

{ dbleaf(vA)~--~tl , t2}(dbleaf(a))=v{VA~__~tl}(a ) dbnode(VB, (/)DBt . . . . VDBtree))

{ dbleaf(vA)~--~tl , }(dbnode(b),( t , t ' ) ))= dbnode(vB, (voBt . . . . VDBtree)) ~ t2 v

{(UB,(VDBt . . . . UDBtree)) ~ /72} (b, (t, t ' ) )

86 (iii) Map-on-L:

J.R.B. Cockett, D. Spencer / Theoretical Computer Seience 139 (1995) 69-113

W ~ t l ] . . .

LW.~t.j

..°

w i w-, t i

"' l( ~ ~ I.I w,'~ w~)

(t))

List(A): List IrA ~-* t] (nil()) =~ nil ( )

List [VA ~ t] (cons(a, l) =~ cons(t(a), List [VA ~ t](l))

DBtree(A, B):

DBtree ~VA F-* ta] (dbleaf(a)) =~ dbleaf((vA ~-* t,} (a)) k v n ~ t 2 _1

D B t r e e [ : : ~ : : ] ( d b n o d e ( b , ( t , t ' ) ) ) = ~

dbnode ( {iln ~-} t2} (b), (DBtree [.. .] (t), DBtree [.. .] (t')))

(iv) L Fold uniqueness:

r WAI-~WA 1 V 7=1 {IlL ~ t} (ci(zi)) =t~,,,) {vi ~ ti} (Ei Lw L ~ {VL ~-* t} (WL) j (zi))

C ; Dll'-'*tl~ {i i~t}(z)=~, . , , ... it(z)

List(A): h(nil()) =v tl and h(cons(a, l) =t~,ta,m t2(a, h(l))

~nil :()~--~ tl ~(l) h(l) =v ~cons : (ilA, VC) ~ t2(ilA, IlC)

DBtree(A, B):

h(dbleaf(a)) =tv,°)tl (a) and h(dbnode(b,(zl , z2)))=(v, tb,(zl,z2)))t2(b,h(zx), h(z2)) h''(t) - ,~l~dbleaf: VAr---~tl (VA) I~ (t) N b n o d e : (ilA, (vc, Ilb))~t2(ii~,(Vc, ~b))


The axioms imply the rewrite rules listed in the introduction. The distribution of context is reflected by the fact that context variables can occur in all phrases of the factorizer. It is left to the reader to verify that the associativity of substitution is preserved when the theory is augmented by an inductive datatype.

We have the term logic analogue of the X-sum lemma [3].

Proposition 2.3. The followin9 inference rule holds in the auomented theory:

h(ci(vi)) =tv, v,) ti for i = 1 ..... n

This proposition can be directly verified, but follows from the next observation. The next result shows that the augmentation process could have been alternately

expressed entirely in terms of the fold factorizer. The separate presentation of case/fold/map factorizers is desirable for programming not only because they are usefully expressive but also their specialized reductions are more efficient. This is particularly true for the case factorizer.

Proposition 2.4. (i)

(ii)

=(v~, vx)

Lw, wq (v:)

(vL))

2.3. Co-inductive datatype declarations

This section describes the process of adding strong final datatypes; it parallels the development of the preceding section. Declaring a new coinductive datatype

data C ~ R ( A )

=dl : C ~Ex(A, C)

Id. : C ~E . (A , C).


provides the machinery to form and reason about the new terms and the types introduced. As before for inductive datatypes, the E~'s must be earlier declared. The resulting new types, terms, and inference rules are described below. The parametric arity of R is taken to be m so that A =(A1 ..... Am).

Types If z~ ..... z , are types then R(z~ ..... zm) is a type.

Variables and variable bases R(zl , . . . ,z~) has a countable collection VR(~,i ..... ~,,) of variables available, each of

which forms a variable base.

Terms (i) If t is a term of type R(z~ ..... T,) then di(t) is a term of type

E/((zl ..... z,), R(zl ..... z~,)). (ii) If t is a term of type C, Vc is a variable base of type C, and each t~ is a term of

type Ei((zl ..... Zm), C) then

dl : tl V C ~ . . .

d n : t n

is a term of type R(zl ..... zm), viz. an unfold factorizer applied to t. (iii) If ti is a term of type Ei((zl ..... zm),R(zl ..... zm)) for i = 1 . . . . . . n then

(d l : t l ..... dn: t,) is a term of type R(Zl ..... zm), viz. a record. (iv) I f t is a term of type R(zl .... ,Zm), Wi is a variable base of type % and ti is a term

of type z~ for i = 1 ,..., m, then

[ W l ~ - - ~ t l l

/ LW. mJ

is a term of type R(z'~ ..... z~,), viz. a map factorizer applied to t. The phrases of an unfold term can be reconstituted as separate abstract maps with

the c o m m o n variable base.

Free variables We show only the rule for the unfold term. The rules for the remaining destructor,

record, and map terms are the obvious ones:

I dl:tll fvars( Vcl--* ... (t))=\i=lfvars(tl)-fvars(vc)jufvars(t)(ul

d~ : t.


Substitution Again we only show the rule for the unfold term. Recall that the variable capture

problem is evaded by parallel renaming during substitution:

~,,:=~( V c ~ . . . (t '))= V c ~ . . . ]l(~o:=,(t)) d,:t. d,:a~_~t.) V

Axioms and inference rules The rules below are added to the =, relations. Each rule is accompanied by specific

examples for the infinite lists and the nonempty lists as declared in Fig. 1.

(i) Unfold-to-R:

t dl.tlD di( Vc~--} ... (t))=~Ei dn" G

W A ~ W A

1 d:.itll(Wc)]({Cc~'-~tl}(t)) d.:t.V J

Inflist(A): head : t ~

head( Vc ~--~ tail. t 2 (c))=v{Vc~--~q}(c)

~ h e a d : t l ~ /1 h e a d : t l ~ tail( Vc~-*tail:t 2 (c))=vllVc~-* .. ({Vc~-*t2}(c)) tall : t 2

coNElist(A): , , , /1 nehead: t l ~(c)) =v

neneaot qVc~--} netail : t2 {Vc ~ t l }(c)

. . . . D nehead: t l netau~ qVc ~ netail : bo() ~ (c)) =v bo()

nehead : t 1 netail( OVc ~---} . . . . . . . ~(c))=~bl(~Vc~--} nehead:tl h q netall : bl(t2)t/ q netail:bl(t'2)~ ({vc~'-}t'2}(c)))


(ii) Record-to-R:

di(dl : tt ..... d, : tn) =v ti

Inflist(A):

head (head : tl, tail : t 2 ) = v tl

ta i l (head : tl , tail : t2) =v t2

CoNEIis t (A):

nehead(nehead : tl , netail : t2) =v tl

ne ta i l (nehead : tl, netail : bo()) =v bo( )

ne ta i l (nehead : tl, netail : bl (t~)) =~ bl (t~)

(iii) Map-on-R:

[ Wl - - tl ]

LW.-t.j

° . .

w i ~ t i . . .

wR~__.~ R[ wl ~'~ tl ] w./X,.J Iw'l

(di(t))

Inflist(A):

head(Infl is t [VA ~-* t '] (t)) =~ {V A ~ t '} (head(t))

tail(Inflist [VA ~-~ t '] (t)) =~ Inflist [VA ~ t'] (tail(t))

coNElist(A):

nehead (coYEl i s t [VA ~ ~ t'] (t)) =~ { VA ~ t} (nehead(t))

ne ta i l (coNEl is t IrA ~ t ' ] (t)) =~ coNEl i s t [VA ~ t'] (netail(t))

(iv) R unfold uniqueness:

[-WA ~ WAq vT=, d,({vc,-,,}(z,))=, .... ,e,L, ,c. t ]({vc,--.t,I(z,)) I d l : t l~

{Vc~--~t}(z)=(v,z) Vc~--~ ... [l(z) dn : tn I


Inflist(A):

head(t(c))=,q(c) and tail(t(c))=ot(t2(c)) head : tl (Vc)h

t(c) =~ Vc w-~tail : tz(Vc) ~1 (c)

coNElist(A):

nehead(t(c)) =vq(c) and (netail(t(c))=vbo(()) or netail(t(c))=vbx(t(t'2(c)))) nehead : tl (Vc) h, t(c) =v (IVc netail:t2(Vc) ~tc~

As expected, most of the counterparts of the strong initial datatype properties are operative for the final strong datatypes: associativity of substitution and definability of the strong final datatype record and map terms by means of the unfold term. These results are left to the reader to be found by imitating the techniques used to establish the corresponding initial datatype results.

3. Program equivalences

The term logic's validation with respect to the strong categorical datatype setting now lies in wait. Yet with the logic's inference rules afresh, this juncture is timely for demonstrating equivalences among programs. For the categorically inclined we have commuting diagrams to motivate proofs. It is, of course, the to-be-proved equivalence of term logic with the categorical setting which allows us to move freely back and forth between these two arenas.

The only induction principles available are the primitive forms provided by the fold-uniqueness and unfold-uniqueness rules. These should not be confused with the more familiar forms of structural induction and coinduction. As mentioned earlier, not only does structural induction demand the presence of more logic (e.g. quantifica- tion), but also in first-order settings it lacks the ability to generate fold and unfold factorizers.

The reader, with some justification, may question whether it is worth considering these apparently weaker forms of induction. The answer lies in the potential for automating a large class of proofs at this level. Interesting articles in this direction are [-12,17].

The game to be played in proving two programs, or closed abstractions, equal under the congruence of the term logic follows roughly the following pattern.

(i) Initially, attempt to reduce and/or transform both programs to a common form via factorizer reductions or previously proven program equivalences.


(ii) Otherwise, attempt to construct the recursion diagram for one of the programs to discover its defining specification in terms of the transformations tl. Now allow the remaining program to play the role of t in the uniqueness rule and thereby use t and the ti to construct the program equivalence subproblems that represent the rule's premises.

(iii) Repeat this method for all remaining generated subproblems. Solving the subproblems produced by a pair of programs is equivalent to showing

that one program behaves exactly the same as the other on common component structures of the datatype, i.e. both programs share the same specification.

In this section we shall not subscript the equality with a type or with variables provided the equality holds for all variable bases containing exactly the free variables of the terms.

3.1. Associativity of appending lists

With the definition

~nil : ( ) ~--* y append(x, y) = ~cons :(a, c)~--~cons(a, c) ~ (x)

the equivalence to be shown is

app end (x, app end ( y, z) ) = append (append (x, y), z) ) .

Clearly, reductions are not applicable and previously proved transforms/equivalences are not yet available at this point, so we turn to constructing the recursion diagram for the program on the left, principally because it conveniently has a factorizer form

append(_, append(y, z))= ~cons~nil : ( l (7 a ) p e ~ i Zal c) ~ (-)

We denote it below as pgmz. The reader should note that strategic selection of the x-variable as the datatype variable, making the remaining variables serve as context variables. Abbreviating List(A) as L(A), we have

1 x (L(A) × L ( A ) ) .,1× in , L (A) x (L(A) x L (A) ) e °"s ×'a (A x L ( A ) ) x (L(A) x L ( A ) ) i i

id ~, pore I i ( a s s - t; id x pore1 , p l ) '

1 × (L(A) × L ( A ) ) .l:...e.~(-,-) ' L (A) ' ~o; . . . . (A × L ( A ) ) × (L(A) × L ( A ) )

Using the program on the right as " t (_)= append(append(_, y), z)", we construct the premises of the fold uniqueness rule for List(A). The two subprogram equivalence problems become

(i) append(append(nil(), y), z) = append(y, z), (ii) append(append(cons(a, l), y), z) =cons(a, append(append(l, y), z) ).


The proof of (i) is immediate with a single factorizer reduction. The proof of (ii) requires two reductions:

append(append(cons(a, l), y), z) = append(cons(a, append(l, y) ), z)

= cons(a, append(append(l , y), z)).

Thus, the associativity property is established.

3.2. Self-inversion o f list reversal

With the definition

, , ~nil:()~--~nil() R reverse~x, y~ = ~l . . . . (x),

{Icons: t a, c) ~ appena ~ c, [a])

where [a] abbreviates cons(a, nil()), we wish to show reverse(reverse(x))= x. This time we draw the recursion diagram for the right-hand side, i.e. the identity:

1, .il , L!A) , . . . . A x L ( A ) I i

ia i ia l ia ,,

1 .-----U,-,-,-,-,-,7-~ L(A) "-------co.s A x L ( A )

So to use fold-uniqueness, we let t (_)= reverse(reverse(_)), t l = nil() and t2(a, y ) = cons(a, y), and thereby create the following subproblems:

(i) reverse(reverse(nil())) = nil(), (ii) reverse(reverse(cons(a, l) ) = cons(a, reverse(reverse(l))). The proof of (i) follows directly with two reverse-factorizer reductions. The example

is completed with the proof of (ii) as

reverse (reverse (cons (a, l) ) ) = reverse (append (reverse (l), [a]) )

= append(reverse([a]) , reverse(reverse(l)))

= append([a], reverse(reverse(t)))

= cons (a, reverse (reverse (l)))

where the second step uses the following lemma.

Lemma 3.1.

reverse(append(x, y) = append(reverse(y), reverse(x)).


P r o o f . The recursion diagram (with L(A)= List(A)) for reverse(append(_, y)) can be built as

] × L(A) nn×id, L(A) × L(A) ,co.s×,d (A x L(A)) x, L(A) I I i d Jt r e v e r s e ( a p p e n d ( , y ) ) ~l ( a s s - 1 ; id × r e v e r s e ( a p p e n d ( _ , y)), Pl )

1 × L(A) p . r e v e , s e ( d L(A) /,o;appendO, taJ) (A × L(A)) × L(A)

The subproblems become (i) append(reverse(y), reverse(nil) ) = reverse( y),

(ii) append(reverse(y), reverse(cons(a,l)))=append(append(reverse(y), reverse(l)), I-a]). Subproblem (i) proceeds as

append(reverse(y), reverse(nil)) = append(reverse(y), nil)

= reverse(y),

with the aid of a lemma (append(x, nil) = x) for t .e second step. The lemma quickly follows from a simple id-recursion diagram and is left to the reader. The derivation for (ii) comes via append's associativity:

app end (re verse ( y), reverse (co ns (a, I) ) = append (reverse ( y), append (reverse (l), [ a] ))

= append(append(reverse(y), reverse(l)), [al). []

3.3. Reverse is identity in List(l)

We try the obvious recursion diagram to attack the example, reverse(x)= x:

! "'~ , List(l) , cons 1 xLis t (1) lid [id lid I

vg

1 ~ List(l) ~ cons 1 ×List(l)

Therefore the following equivalences must be proved within List(l): (i) reverse(nil)= nil,

(ii) reverse(cons( ( ), l) ) = cons( ( ), reverse(l) ). The definition of reverse immediately yields (i). However, (ii) is considerably trickier

- a plausible recursion diagram "candidate" for the right-hand side program is offered below:

1 .il , List(l) ~ co.s 1 xLis t (1) I

l i d i l c o n s ( 1 , r e v e r s e ( ) ) I J - I id × c o n s ( l , r e v e r s e ( ) ) i , . J, 1 ~ List(l) , . . . . 1 x List(l)


The left square commutes by using one reverse-factorizer reduction. The right square commutes by the derivation below with the aid of a lemma for its third step:

cons(l, cons((), reverse(l))) = cons((), append([( )], reverse(l)))

= cons((), reverse(append(l, [()])))

= cons((), reverse(append([()], l)))

= cons((), reverse(cons((), l))). The following lemma that generates the concerned step is the point at which our

excursion depends precisely on all the elements of our lists being equal.

Lemma 3.2. For any l~List(1),

append(l, [( )] ) = append( [-( )], l).

Proof. An appropriate recursion diagram for the le•hand program is

1 nit , List(l) , .... l x List(l) I i. Ip id I append (_ , [ ( ) ] ) i [ d x append(_ , [ ( ) ] ) I i i

~ List(l) , con~ 1 x List(l)

Both squares are easily seen to be commuting by a single append-factorizer reduction. Thus, we need the equivalences

(i*) append(I( )], nil) = [( )] (ii*) append(I( )], cons((), l)) = cons((), append(I( )], l))

which are both also quickly attainable by append-factorizer reductions. []

The candidate diagram is appropriate for showing (ii). It brings forth the following subproblems for the left-hand side of (ii):

(i') reverse(cons((), nil)) = cons((), nil), (ii') reverse(cons((), cons((), l) ) )= cons((), reverse(cons((), l ) ) ). Completing the example, we see that (i') is immediate and (ii') is proved by our latest

lemma:

reverse(cons((), cons((), l) ) ) = append(reverse(cons((), l) ), [()])

= append ( [ ( ) 3, reverse (cons ((), l) ))

= cons((), reverse(cons((), l))).

It is straightforward to show a categorical isomorphism between the natural numbers datatype Nat and List(l). This relationship warrants treating append(x,y) for x, y~List(1) as the arithmetic addition of the natural numbers corresponding to x and y. With this interpretation it is interesting to note the consequent result, which does not hold for the polymorphic lambda calculus.

96 J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995j 69-113

Corollary 3.3. Addition is commutative:

append(x, y) = append(y, x).

Proof. In Lis t ( l ) we have, by the reverse acting as the identity,

append(x, y) = reverse(append(x, y) )

= append (reverse (y), reverse (x))

= append(y, x). []

3.4. Zipping streams makes a stream

This example illustrates primitive coinduction with an infinite list form of zipping. The problem is to show

zip(stream 1 (c a), stream2 (c2)) = stream 1 z (c a, Cz)

where the following definitions are applied:

stream~( ci) = Qx ~ head: hi(x) it ~" tail: t i ( x ) V [ci)

(i= 1,2)

streamx 2(ca, c2 ) - ~(x, y) w-~ head : ( h l (x), hE(y)) h,

2) IJ tc C tail : (t 1 (x), t2 (y)) v

head : (head(x), head(y)) h , zip(sl, s2)-- (x,y)w-~ ta i l : ( ta i l (x) , ta i l (y) )~tsx ,s2)

The action of streami on a seed value cl creates an infinite list {h(cl), h(t(ci)), h(t2(ci)), h(t3(ci)) .... }. (For clarity, the field label and nested-parenthesis syntax requirements in the infinite list expressions are eased here in favor of list-like notation.) The program stream12 operates on a pair of seed (values (ca, c2) to build an infinite list of derived pairs: {(hl(cO, h2(CE))),(hx(tl(cx)),(h2(t2(c2))),(hx(t2(cl)), h2(t2(c2))) . . . . }. The zip utility combines two infinite lists, or streams, of the form {cl ,c2,ca .... } and {c'a,c'2,c'3 .... } into an infinite list of associated pairs: {(cl, c~),(c2, c~),(c3, c~) .... }.

A reasonable recursion diagram for streamx2 is

A x A ~ h i×h2 C x C ~,×t2 ~ C×C l I ', r i d I stream12(__) [ stream12( , ) ~, '. ,

A x A ~ lnf l is t(A x A) ~ t~×t2 lnfl ist(A x A)

The resulting program equivalences that must be verified are (i) head(zip(stream1 (cl), stream2 (c2))) = (hi (cx), h2 (c2))

(ii) tail(zip(stream1 (c1), stream(c2))) = zip(stream1 (tl(Cl)), stream2(t 2(c z) ) ).

J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995) 69-113

Unfold factorizer reductions easily provide both verifications. For (i) we have

head(zip(stream x (cl), stream2 (c2))) = (head(stream1 (ca)), head(stream2 (c2)))

= (hi (el), h2(c2))

and for (ii) we see

tail(zip(stream1 (cO, streamz(c 2) ) ) = zip(tail(stream1 (Ca)), tail(stream2(c z ) ) )

= zip(stream1 (tl (cl)), streamE(tz(cz))).

97

3.5. Indexing infinite lists

Two equivalent ways for indexed access of any infinite list built from a f ixed pair (h: C × X ~A, t : C × X ~ C ) of head and tail field-generating functions is presented. The example is interesting as it mixes primitive induction with unfolding.

First, we define a set of accessing routines relative to (h, t):

i~ x ~ head: h(x) ~ , , stream(c) tail:t(x) ~c~

expand(n, c)=h( ~zero:()~--~c } Ijsucc:c'~--*t(c') (n))

The variables are typed with n~Nat, l,l'elnflist(A), and c,c'~C. The program equality to be targeted here is

fetch (n, stream(c))= expand(n, c).

The left-hand program accesses the nth entry of an infinite list built from the seed value c via the field builders h and t. The right-hand program first builds from c the tail-field value by applying t in succession the proper number of times and then applies the final head-field build operation. Essentially, expand accomplishes its work in ignorance of the Inflist(A) datatype.

Some special observations are needed to find a path to the solution. First, the outermost functions of both programs (fetch on the left, expand on the right) are not quite in factorizer form due to the extra internal application of head and h, respectively, within them. So we define two simplications that are factorizers:

,, ~zero:()~--~l [~ , , fetch - (n, , j = ~succ : l' ~ tail(l') ~ ~n)

(]zero "()~--~c ~ expand - (n, c ) - "~1 " , (n) ~succ : c ~-~ t(c')

98 J.R.B. Cockett, D. Spencer / Theoretical Computer Science 139 (1995) 69 113

Now we rephrase our problem into a "factorizer" version. By observing that head(stream(c)) = h(c) (an unfold factorizer reduction), we can strip off an outermost application of head from both sides of our proposed equivalence to obtain an alternative problem:

fe tch - (n, stream (c) ) = stream (expand- (n, c) ) .

The recursion diagram for the left-hand program with context variable c is a Nat - recursion as shown below:

1 × C z e r o ×ia , N a t × C , suec × ia N a t × C i i i I I i . , I i d j id × s t r e a m ; f e tch , ( z d × s t r e a r a ; f e t c h - , p l )

1 × C Va:~tream~ )~ Infl ist(A) ~_vo:tau Inf l is t(A) × C

It remains only to show that s t ream(expand- (n , c)) is defined by the same specification:

(i) s t ream(expand- (zero, c) )= stream(c), (ii) s t ream(expand- (succ(n), c) )= ta i l ( s t ream(expand- (n, c) ) ). Subproblem (i) is a direct unfold factorizer reduction. The second one follows by

applying to the left-hand program a fold factorizer reduction to the e x p a n d - subterm and a reverse unfold factorizer reduction to the result.

3.6. Colists f o r m a mono id

To gather our intuition on colists recall that a colist can either by empty,

(split: bo( ) ),

or begin as

(split: b 1 (a 1,(split : b x (a2,(split : b 1 (a 3, (split : . . .

and, if finite, end as

... (split : bo( ) ) . . . ) .

An append operation for colists can be expressed as follows:

coappend(x, y)

I (11,12)~-.(split Ib "'~--' fbo()~-*boO

{ bl (a, l)~--~ bl (a, (l, 12))

The nested case analysis within coappend drives the colist generation firstly to replicate the first argument colist. If its replication completes, i.e. the first colist is finite, then replication continues by using the second colist. Note that the first colist argument, when infinite, dominates the coappend processing. If both arguments are


finite colists, the coappend produces results isomorphic to those of the familiar List-append operation.

The monoid properties to be proved are: (i) coappend(x,(split : bo( ) ) ) = x,

(ii) coappend((split: bo()), x)= x, (iii) coappend(x, coappend( y, z) ) =coappend(coappend(x, y), z). The unfold uniqueness rule for coList(A) to be leveraged for this purpose is

coList(A):

{ bo()~-~ bo() bl (a, c) ~-, bl (a, t(c) ) J (g(z) ) =(~, ~) split(t(z))

t (c) =v t z ~ split : g (z) D(c)

The right-unit property (i) is shown by using the finality diagram or the identity on augmented colists:

coList(A) spur , 1 + A x coList(A) i i [ id lid + (id × id) I I v *

coList(A) ~ I + A × coList(A)

Consequently, employing unfold uniqueness for "t" as the left program of (i) and "tl (c)" as split(c) with respect to this diagram requries solving the subproblems:

(1) if split(l) = bl(t~(1), t~(l) then

split( coappend(l, (split" bo( ) ) ) ) = bl (t~ (l), coappend ( t ~ (l), (slpit : bo( ) ) ) ).

(2) if split(l) = bo( ) then

split(coappend(l, (split: bo( ) ) ) ) = bo().

For showing (1), we make the indicated assumption for split(l). Then we derive:

split (coappend (l, (split : b o ()) ))

V W A ) - ' ~ ' W A

= EI [_(Wc, w'c) ~ coappend(wc, w~)]

~-~ bo() ~-~ bo() b (I b°() {b,(a, l)v- .bl(a,( l , , l ))}( °())l(split(l))t 1[ b'(a'l)F-*bl(a'(l'12)) ) ]

[WA v-~ WA ] f `(bo()~-~bo() l , b q, q, t,,q,," ] = E1 L(wc ' wc) ~ coappend(wc, wc)J \ )bl (a, 1) ~ b l (a,(l, 12)). ( ]

[-WA V--, WA -] b i t ( 1 EI L(Wc ' Wc)~ coappend(wc, Wc)J (t'l (l), (t~(1), (split'bo()))))

= bl (t'l (l), coappend(t'~(l), (split : bo( ))))).


The derivation for (2) is closely analogous to this one; it is left as an easy exercise. This completes the verification of the right-unit property. As expected, the proof of the left-unit property (ii) follows the same line of argument and is also left to the reader.

We finally arrive at the demonstration of associativity for coappend. The underlying coList-recursion diagram for the left-hand program of (iii) that motivates the proof is pictured as the outermost square of the diagram below:

coList(A) x (coList(A) × coList(A)) ,I , 1 + A x (coList(A) x (coList(A) x coList(A))) t '~ id + id × (id x coappend) [ id x coappend [

coList(A) x,coList(A) " , 1 + A x (coList(A) × coList(A) ) t coappend I I id + id x coappend

coList(A) wut , 1 + A x coList(A)

The bottom square commutes since it is the defining finality square for coappend where tl is the morphism corresponding to

(b ~ f b o ( ) ~ b o ( ) l))}(split(12) ) {(/1,/2)~_~ t o~, ~bx(a,l)~-~bl(a,(l~, .(split(ll))}

(bl (a, l) ~ b l(a, (/,/2))

The t~' morphism in the top square is the specification morphism for the left-hand program of (iii) and corresponds to

{(11,(/2, la))

(b , ,_.(bo()~-*bo() } (split(l~)) b°()~-'* I o() ~bl(a,l)~_~bl(a,(ll,(12, l)))

( bl ( a, l)F-* bl ( a,( ll,( l, la) )) bl(a, l)~-~ bl (a, (l, (/2, la)))

(split(12)) (split(ll)) }

A straightforward diagram chase by case confirms the commutativity of the top square. The cases are

1. l l=bl(a,l) 2. / l=bo( ) and 12=bl(a,l) 3. 11=12=bo() and 13=bl(a,l) 4. l 1 = 12 = la = bo(). For example, the chase for case 3 looks like

(11,(12, la)) q , bl(a,(ll, 12, l))) ~ id . . . . ppend ~ id + id x (id . . . . ppend)

I

(ll, coappend(12,1a))=(ll,bl(a, coappend(12,1))) tl bl(a,(lx, coappend(12,1)))


Thus, the diagram has been confirmed to be a recursion diagram for coappend(x, coappend(y, z)). Applying the unfold uniqueness rule for "t(x,(y, z))" equal to coappend(coappend(x, y),z) and "11" equal to t* yields the subproblems

(i') if t* (11,(/2,13)) = bl (t'1 (11,(12, la)), t; (11,(12,13))) then

split(coappend(coappend(la, 12), 13)) = bl(t'1(11,(12,13)), t(t'~(ll,(12, Is))))

(ii') if t*(la,(12,13))=bo() then

split(coappend(coappend(lx, 12), 13)) = b o ( ) .

For proving (i'), we see that taking the indicated assumption for t~ forces consideration of the first three cases (1)-(3) for la, 12 and l 3 used earlier in showing commutativity of the recursion diagram's top square. Because the derivations in these cases are alike, only the derivation for case 2 (lx =bx(), 12 =bo(a,l) is shown below. This case yields t~(ll,(12,13))=bl(a,(ll,(l,13))), which in turn says that t'l(ll,(12,13))=a and t';(ll(I2, la))=(ll,(l,13)). Proceeding, we have

split(coappend(coappend(ll, 12) , 13)

[(b ,, _.. fbo()~--~ bo() =Ea t . . . ] l/ °() ~bl(a,l)~--~bl(a,(tl,t))}(sptit(ta))~(split(coappend(ll,12)))

/lbl (a, 1) ~ b l (a, (l, •2))

II If" ,, ~{b°()~-*b°() I))](split(13)); = E1 [.. .] | Oo~ ) ~--~ lb I (a, l ) ~ bx (a,(ll, 1 (bl (a, (coappend(ll, 1), 13)))

l(b, (a, l ) ~ bx (a, (l, 12))

W A ~ W A =El [ . . . . . . . ](bl(a,(coappend(ll, l), 13))) L~Wc, wo ~ coappena~wo WOl

= b x (a, coappend(coappend(la, I), 13)).

Establishing (ii') requries case 4 in which all three arguments are empty, producing a simple case and map reduction. Thus, coList(A) is a monoid.

3.7. Tree summations

Our last example is a comparison of two ways for summing the leaf values of a binary tree. The program addtree does it directly with a fold

. . . . ~bleaf: n ~-* n aaatree(t) = ~1 . . . . ~ (t) oonoae : in, m) ~ add(n, m)


A second way is to flatten the tree into a list of natural numbers and then sum the list. The appropriate routines are presented below:

~bleaf : a ~-~ [a] ~ (t) flatten(t) = ~bnode :(/1,/2) ~ append(Ix, 12)

"'" =- <l~nil:()~-+zer°O i>~'l" sumu] ~cons : (n, m ) ~ add(n, m) ~ t 1

The standard addition of natural numbers is defined by

"= 3l~zer° : ( )~-~ m add(n, (n) m) ~succ : v ~ succ(v)

Thus, the example problem under consideration is

sum(flatten(t)) = addtree(t).

From addtree being a fold factorizer, our problem translates to establishing the commutativity of the following diagram:

Nat bteay , Btree(Nat) ~ bnoae Btree(Nat) x Btree(Nat)

1i d ~sum(flatten(_)) lsum(flatten( )) (flatten(_)) . . . .

Nat ia ~ Nat ~ aaa Nat x Nat

A Btree-fold reduction followed by a List-fold reduction validates the left square. For the right square, we note that

sum (flatten (bnode (t 1, t2))) = sum (append (flatten (t 1),flatten (t2)))

by a Btree-fold reduction. The desired result becomes immediate by showing

sum (append (11,/2)) = add (sum (/1), sum ( /2 ) )

holds for any lists 11 and 12. The left-hand side of the equation is the composition of two List fold factorizers:

append(_,/2) and sum(_). We apply the composition to the List cases to see if it can be expressed as a List fold factorizer:

sum(append(nil(),/2)) = sum(12)

sum (append (cons (n, /), / 2) ) = sum (cons (n, append (/,/2)))

= add(n, sum(append(l,/2)))"

Indeed, the composition is in fold factorizer form with sum occurring recursively exactly in accordance with its associated initiality diagram, viz. the composition is specified by the two maps sum(12) and add(n, sum(l')). We are left with applying the right-hand side of the lemma to the same cases to see whether it satisfies the same


specification. Using the easy-to-check associativity of add, we confirm below that the specification holds and that the right square commutes:

add (sum (nil()), sum (l 2) ) = add (zero (), sum (/2))

=sum(12)

add(sum(cons(n,/)), sum(12)) = add(add(n, sum(l)), sum(I 2) )

= add(n, add(sum(1), sum(12))).

The next section finally reveals that our successful examples are true rewards from this approach towards datatypes: the term logic is shown to have exactly the strong- functor foundation that was assumed and leveraged here for establishing program equivalences.

4. The equivalence of combinators and term logic

An equivalence between a categorical combinator theory and the term logic is expressed by a pair of mutually inverse consistent translations: combinators-to- programs and programs-to-combinators. Consistency simply means that a translation preserves equality.

A finite product combinator theory c~ has the specification (3-, ~-, St, ~) where ~-- is a collection of primitive types, f f is a collection of predetermined maps or combinators, 6 a is the set of type signatures of the combinators, and 8 is a set of equations between combinators.

The types are given by the same rules used earlier for generating the cartesian theory types.

The combinators are generated inductively by the following. For every type z there is an identity combinator id~ :z ~ z .

• For every type z there is a final combinator !~ :z ~ 1. • If f ~ has signature (zl, z2), then f : zz ~z2 is a combinator. • For every pair of types Zo and zl, there are projection combinators

p~O .... Zo x zl ~Zo and p]O,,l : Zo x zz ---~'1. • If Co : z ~Zo and cl : z ~ z l are combinators, then their pairing (Co, c l ) : z ~Zo × z, is

a combinator. • If Co : Zo --,z, and c~ : z, ~z2 are combinators, then their composition Co ; Cl : Zo ~z2

is a combinator. The symmetric transitive closure of the relation defined by the axioms and inference

rules below give the congruence relation among combinators possessing the same domain and codomain types: • (Co;Cl)'~C2~Co;(C1;C2). • i d ; c - c - c ; i d . • (Co, C ,~;po-co .


• (Co, Cl ) ;p l=cl . • (c;po, c ; p l } - c • c ; ! = ! .

- - t . - - t . t • If Co=Co and Cl=--c'~ then co ,e l=co,e l . • Ifco=Cx in ~ then co-ed.

When a finite product combinator theory is augmented by the declaration of a datatype it is necessary to add the required combinators (constructors/destructors and fold/unfold) satisfying the appropriate recursion diagrams as indicated in the introduction.

4.1. Translating programs to combinators

A translation, herein denoted oK, of closed abstracted terms, or programs, to combinators and a proof of its consistency is presented in this section. We first define below the translation of programs in the term logic. The notation

~v~t~ represents the application of the translation cd to thc program {v~--*t}. The definition proceeds inductively on the construction of the abstracted term representing the program:

(i) ~ [ v ~ ( ) ] =!,. (ii) If x~ is a variable then ~x,~--~xJ=id, .

(iii) If Vo and vl are variable bases then

c~[[(Vo, vl) ~ x]] = Po ;c~ ~-Vo w-~ x~ if x efvars(vo)) and

~(Vo, v~)~---~ x~ =p, ;C~v, ~--+ x~ if x~fvars(v,).

(iv) ~ ~v ~ {v' ~-~ t} (t')~ = ( ~ ~v ~-~ t'~, id) ; ~ ~(v', v) ~-~ t~. (v) If f i s a function symbol (including projections) then ~ Iv ~--~ f(t)] = ~¢ Wv w-~ t] ; f

(vi) C~v~-*(to, tl)']= (C~vF--~ to~,C~v~--~ tl q]). The rest of this section is devoted to showing the consistency of this translation.

Appropriately, the generating set of given equations 8 in the target cartesian combinator theory should extend the - - re la t ion defined above and be exactly the translation images of those in Eo, the equations of the cartesian theory.

Whenever strong datatypes are declared, the translation requires an extension to the new terms generated by the addition of the associated constructors and factorizers. It is technically necessary to define the extension for only the constructors and the fold terms (for an initial datatype) or the destructors and the unfold terms (for a final datatype) since the remaining terms are expressible in terms of folds and unfolds. Yet it is instructive to see the development for the case and map terms as well and therefore they have been presented here with their specialized combinators. Shown below is the incremental extension to be used for adding a strong initial datatype L:


(i) cg[[vv--~ c,(t) ~ =Cg~v~--* t~ ; c, (ii)

llvx-/i ... llt) = (Cg~VxF-* t]], id);foldr{Cg[~vl, Vx) V--* t,~ . . . . . (d~(v,,, Vx) V--, t.~}

(iii)

(~ V x ~ I ... (t) [c.(v.)~-~t.

= ((~ ~Vx v-~ t~, id) ;case L {(g Iv ,, Vx) ~ tl~ ..... ~ ~(v., Vx) ~-, t.~ }

(iv)

(g Vx ~ L ... (t) LWm~t.j

= ((g ~Vx ~-~ t~, id ) ;map L {cg ~w,, Vx)~-~ t l~ ) . . . . . cg ~(w,., Vx) ~ tm~}

Next are the translation rules to be added when adjoining a new strong final data type R:

(i) rg[[v~-* d,(t) l] =c¢[[v~-* t~ ; d, (ii)

~ Vx~-" vc~" "'" II(t) d. : t. V

= ( ~ ~Vx~t~, id); ~ fo ld ~ {~ EVc, V x ) ~ t , ; ..... ~ ~(Vc, Vxt ~ t.~}

(iii)

= (c~ [ V x - t~, i d ) ; r ecord R {(g ~(Vc, Vx)~-~ t,~ . . . . . (g [[ (Vc, Vx)~-~ tn'~ }

(iv)

= ( ~ [[Vx ~ t]], id ) ; map R { ~ ~w,, Vx) ~-* t l ]] . . . . . ~[[ (win, Vx) ~ t ,~ }

Our aim is to prove the following.


Proposition 4.1. For any theory built from a finite product theory augmented by a finite sequence of datatype declarations the translation (g above is consistent.

To facilitate the proof of this, which we will sketch, the following lemma is useful.

Lemma 4.2. I f {v ~ t} is a closed abstraction, then (i) (g~(v,v')v--~t~=po;(g~v~--~t~

(ii) (~(v',v)~--~ t]] =Pl ;(£~v~--~ t~.

Intuitively, this says that one can eliminate variables not used actively in an expression and this is a desirable practical optimization of the translations provided. The lemma is proven by structural induction on t. To illustrate the method we demonstrate the inductive step on a fold factorizer.

Suppose that (using abbreviated notation)

t = v, ( to)

then

(¢ ~ (v, v') ~-~ ~ci : vi ~-~ ti~ (to)]] = ((g [[ (v, v') ~ to~, id} ;fold L {(g [[ (ei, (v, v') ) v-. t,~ }

= (Po ;eg Iv ~ to]], id) ;fold L {id x Po ;cg ~(ei, v) ~ ti]] }

=(po;Cg~v~--~to],id} ; id× po;foldr{C~(ei, v)~--~ti~}

= Po ; ((g [Iv ~-~ to]], id) ;fold L {(¢ [[(ei, v) v-~ t,]] }

= po ; C¢~v ~ ~ci: ei~-~ti~(to)~.

Notice that we have used the naturality of the strength and some projection manipulations.

Turning to the proof of the proposition it is necessary to prove the consistency of the inference rules of the term logic. This is clone by checking each term logic inference rule in turn. In fact, all except the abstraction application (fl-reduction) are now straightforward.

To show that {vv--,v} = {v'~--~ v'} it suffices to show that (g[[vv--,v]] =id. This can be proven by a simple structural induction on the structure of the variable base:

basis:

C~[x~-~ x ] = i d

induction:

~(Vo, v ,) ~ (Vo, v~)]] = (~e ~(Vo, v~) ~ Vo]], ~ ~(Vo, v,) ~ v d

= (po ; Cg[Vo V-* Vo]], pa ; ~f [v,, v, ~ >

= (po;id, p~ ;id}

= id.


The unit rule is immediate. To show the projection identities hold we have

Cglv ~ po(to, t l) ~ = ~ Iv ~ (to, t l) ~ ; Po

= (cdl[v~-~ to~,Cdlv~-~ t,[]) ;Po

= Iv to]].

For the congruence inference rule we note that when {Vo ~ to} and {vl ~ tl} are closed abstractions which are composable then we have

cd[[v o v-~ {va ~ , tl} (to)]] = (c~ [[Vo ~-~ to~, id);rdl[(Vl ,Vo)~ t,~

= ((g~Vo ~ , to]], id ) ;po ;~¢Iv, ~-~ tl]]

= e Vo tdl ; elM from which the congruence inference follows easily.

It remains to show that c~ [Iv ~-~ {v' ~-, t'} (t)~ = ~ [[v~,av, ~_,(t')~ and, of course, this is the heart of the proof. It is proven by a structural induction on t'. Again we sample this induction to give a flavor of the manipulations involved by showing the steps for an unfold factorizer.

Let t' =@ ~--* di : tiD(to). Then

c~ ~vo__~av,.__t( tVo ~ di : tiD(to) ) ~

= C~v ~-*tVo ~ d, :a¢~,(ti)Da~,.-_t(to)]]

= (oK Iv ~-* a¢.-_t(to)~, id) ;unfoldR {c~ IVo, v)~--~a~,.-_,(ti)]] }

= (c¢ nv ~ {v' ~ to} (t)]], id) ; unfoldR {cg ~(Vo, v) ~ {v' ~ ti} (t,)]] }

= ( ( C g l v ~ t]], id) ;cg ~(v', v) ~ to]], i d ) ;

unfoldR { <(¢ [[(v,, v) ~-~ t~, id> ; c¢ ~(v',(Vo, v)) ~ ti~ }

= < <cg [Iv ~ t]], id) ; cg ~-(v', v) ~ to]], id) ;

unfold. { ( p , ; cg Iv ~ t]], id) ; cg [(v',(Vo, v ) ) ~ t,~ }

= ( ( ( g [Iv ~-~ t]], i d ) ;cg ~-(v,, v)~ to], id);

unfolds {id x (cg iv ~ t]], id> ;cg~-(Vo,(V,, v ) ) ~ ti~ }

= ((c~ iv ~ t]], id);Cg [[(v', v ) ~ to]], i d ) ; id x (cg Iv ~ t]], id) ;

unfold, 0 ) - } = (cg Wv ~ t]], id) ; c¢ ~-(v', v) ~-* to]], id) ; unfoldg {c¢ [Vo,(V', v)) ~ t,]] }

= ((¢ Iv ~-~ t]], id) ; c¢ [[(v', v) ~-~ tVo ~ d, : t,b(to)]]

=C¢[v~--* {v' ~--~ tVo V--~ di : ti} } (to) ]] .


It remains only to check the consistency of the axioms introduced by the declared datatypes. For these it suffices to check the fold/unfold uniqueness and the action of the constructors and destructors. These rules translate directly into the recursion diagrams, however, and so the proof of consistency is complete.

4.2. Translating from combinators to term logic

In order to complete the proof of equivalence we may take one of the two routes. Either we can provide an inverse consistent translation or we can rely on the universal property of the combinator theory (as the free category generated by the given sequence of declarations). The first route involves lengthy, but essentially straightforward, structural inductions. It also provides an explicit translation which has practical ramifications. The second route is more conceptual but has the advantage of shedding a different light on the proof. For this reason while we actually follow the first method we discuss the second method below.

The second method starts with the observation collected from Section 2 that the closed abstractions of the term logic under composition from a category. Actually, not just any category: one with finite products and the declared datatypes. The combinator theory, by construction, is the free such category. Structure-preserving functors from the free category are totally determined by their action on the generators. Thus, if the translation to the term logic and the translation back to the combinators are structure preserving, and do not change the generators then the composed translation is the identity. To prove that the translations give an isomorphism of categories it then suffices to show that every closed abstraction of the term logic is (equivalent to) the translation of something in the combinator theory (note that the objects are un- changed in the translation).

Now the translation, almost by definition, preserves the generators and structure. Thus, the only remaining aspect would be to ensure that every closed abstraction is equivalent to a translated combinator expression!

Returning to the more direct first method: we start by presenting a translation in the opposite direction. The translation of a combinator f will be denoted ~[[f]]. Two notations we shall use in this translation are the composition (";") and pairing C.") of closed abstractions:

(i) {v ~ t} ; {v' ~--* t'} = {v~a¢.=,(t')} (ii) ({v~--, to}, {v'~-*t'l} =- {v~--~(to, av,-_v(tl))}. In general, the translation of a combinator will require making choices of variable

bases. As the choices do not affect the outcome we have not specified how they are made.

(i) (ii)

(iii) (iv)

The translation ~ is defined as follows:

~ ( f ;g)~ = ( ~ f ~ ; ~ g ~ ) ~id,] = {v, ~ v~}


(v) If v is a variable base for the domain of a primitive combinator, f, (including projections) then ~ f ~ = {v ~ f(v)}.

The translation for the combinators for all three factorizers introduced by an inductive datatype declaration is presented next:

(i) ~[~ci~ = {vF--~ci(v)} where v is a variable base for the domain of ci

Ic l : vl ~-~ ~ [[hi ]](vl, vx)l ( i i ) ~[[foldL{hl ..... h.}~={(vL, vx)v--*tl "" It(VL)}

el @1) ~ ~ [[hl]]@l, Vx)) (iii) ~ [case L {hi ..... h.} ]] = {(VL, Vx)~-+ "" t (VL) }

C.(V.)~--* ~ h . ~ ( v . , vx) j

(iv) ~[[mapL{f, ..... fm}~={(VL, Vx)~-->L l "'" t(VL)}.

Similarly, the translation of the combinators introduced by a coinductive declaration is presented below:

(i) ~[[di~ = {v~-*di(v)) where v is a variable base for the domain of di

I , ( i i ) ~[[unfoldR{g, ..... g.}~={(V'c, Vx)~-~ Vc~-+ ... [[(Vc)} d . : ~ g . 7 ( V c , Vx) l

d~ : ¢ ' [ g d (v , v~) (iii) ~ r e c o r d " {g~ ..... g~} ~= { (V'c, Vx)~-* "'" }

(iv) ~map" { f l ..... f . . } i = { ( , , , .vx)~ R / . . . ] (v.)}

Proposition 4.3. For any finite product category augmented by a series of datatype declarations, ~ is a consistent translation of the combinator notation into term logic notation.

To prove this we must go through the rules of the combinator theory. The usual rules of category theory, associativity of composition and the identity rules are easily verified. Furthermore, the recursion diagrams for a datatype translate almost directly into the term logic rules. To illustrate the technique we demonstrate the consistency of


the translation of two identities. For a fold factorizer reduction we have

~c, x idx ; fold z {hi ..... h.}

= (~[[Po~ ; ~ - c ~ , t~[[pl~>;~foldL{h~ ..... h,,} ]

= {(vi, Vx) ~ (ci (Po (vi, Vx)), p, (v,, Vx))} ; {(VL, VX) v--* ~C, : V, ~ ~ ~h,~ (vi, Vx)~ (VL)}

= {(Vi, VX)~ ~Ci :vi~-"~h,]](vi, Vx)~(c,(v,))}

FWAt--* WA vi~--~ ~[[hi~(vi, vx~(Wr)] (v')('~hi]](vi'vx)) } = {(v~, Vx)~a~-_~, LW~ ~" ~c, :

. . . . . F W a ~ I p o ] ( w a , vx) ](v,),(Vx)}" = ~AV" Vx)~tr~' I_wL ~.¢"I[foIdL {h, ..... h,,I ]](WL, Vx)

{(v,, Vx) v--, t~ ~h,~ (v,, vx) }

= ( ~ m a p E' {Po, foldr{hl ..... h.} } ~, ~ p , ~ > ;~Ihi~

= ~ < m a p e' {po, f oldL {hi ..... h.} },Pl > ; h,~

The consistency for an R unfold factorizer reduction is demonstrated by

~ [ u n f olda {gl ..... g.} ; diI

= i ~ u n f oldR {gx ..... g.} ~ ; ~ d i ~

= {(v~, Vx) ~ ~Vc ~ d j: ~ ~gj](Vc, Vx) D(v~)}; {v . ~ d,(vR)} = { ( v ~ , Vx) ~ d,~vc ~ d j: ~ ~g~ (Vc, Vx) D(v ~))}

i ~WA ~ WA 1 = {(Vc, vx) ~ E, t_w,, ~ ~vc ~ dj:~,lVgj~(Vc, vx)D(Wc) (~'[VgJ(v'~' Vx)}

= {(vb, Vx)~(~'~g,~(v'¢, Vx), Vx)};

{ (v,, v x ) ~ E, [w., ~ ~po~(w., , Vx) ] LWR ~ ~' [unf olda {91 ..... g.} ~ (Wc, Vx) (v,)}

= ( ~ [[gi], ~ ~Pli >;~ [[map~'{Po, unfold" {gl ..... g.}} 1

= ~ [[(9i, P l > ; mapE'{Po, unfold" {gx ..... 9.} } ]

We can now state the main theorem of the paper.

Theorem 4.4. c¢ is an isomorphism, with inverse ~ , between a finite product category augmented by datatype declarations presented in term logic notation and the category presented in combinator notation.

Proof. Consider the translational composition (¢o~. The argument is a structural induction on the complexity of the term to be translated: we demonstrate the case of the fold factorizer. The inductive assumption is that on any smaller terms the


translation is the identity

c g ~ [ f o l d L {hx . . . . . ha} ~

= rg[(vL, Vx)~"* {Ic, :v, ~-~ ~h,~(v, , Vx)l}(vL)~

=fo ld L { .... cg ~(v,, Vx) ~ ~ [h,~(v,, Vx)~ ... . }

= fo ld L { .... ~ g ~ ~h,H .... }

= fo ld L { .... h, . . . . }.

Now consider the composition ~org. Again the argument is a structural induction on the complexity of the terms to be translated. We demonstrate the fold factorizer case in the structural induction:

= ~ [(c¢ [Vx ~ t~, id> ; fold L { .... cg ~(vi, Vx) ~ t,] .... }

= ~ ~(c¢ ~Vx ~ , t~, id)~ ;,~ ~fold L { .... c¢ [[ (vi, Vx) ~-~ ti] .. . . } ]]

= ( ~ C ¢ ~ V x ~-* q ~ , ~ i d ~ ) ; {(VL, Vx) ~-~ ~C,: V,~-~ ~-~-(V,, Vx) ~-* t,~]~(Vi, Vx)[~(VL)}

= ( {Vx ~ t},{Vx ~ Vx}>; {(vL, V x ) - ~c,: v , . { v,, vx),---, t,Itv,, vx)D(vL)}

= { v x - - ~c,: v , - - {Iv,, Vx) ~ t,}(v,, Vx) D(t)}

={Vx~-*~ci:vi~-~t ,~(t)} . []

5. Conclusions

A category can be not only a model o f computation but also a medium.

The charity project at Calgary has verified that significant algorithms can be coded using a categorical programming language built atop this term logic. Our experience suggests that the more disciplined style of programming which is demanded by this language is easily learnt. Furthermore, it has often led the programmer to a clearer view of the structure of an algorithm.

Others, of course, have investigated calculi based in inductive and co-inductive datatypes. The interested reader should compare this work not only with Hagino's original work [5, 6] but also with Malcolm's syntactic calculus [12] and Greiner's variant of the polymorphic lambda calculus [4]. While initial and final categorical datatypes underlie all these treatments, here we have provided a first-order useable programming language driven entirely by datatype declarations.


Categorical datatypes always satisfy standard models.

Of some interest is the role of parametricity within our setting and its connection to naturality. Hasegawa [7,8] has pointed out that parametricity is equivalent to the presence of categorical products and coproducts in models of polymorphic calculi. The setting we have discussed, of course, has true products and coproducts, and, furthermore, has no contravariant-type formation. Parametricity is therefore present for much simpler reasons.

Reynolds' abstraction theorem [16] asserts, under a precise definition of logical relations among sets, that related polymorphic functions produce related output values from related input values. This result has been specialized by Wadler [19] as a "free parametricity result" to give a more direct tool for proving program equivalences. Wadler's assertion that parametric theorems are "free" due to the apparent removal of any need for structural induction in their proofs has been challenged by Mairson [11]. The point of contention is Wadler's inclusion of a structurally inductive datatype (lists) into the definition of logical relations by which Wadler expresses his version of the abstraction theorem. In Mairson's mind, the question of whether an object in hand is actually a list for which a structural induction principle holds always requires answering.

In the setting described in this paper, inductive datatypes are always standard. Thus, Wadler's "theorems for free" apply without modification, indicating the promise of these developments for verification.

References

[1] J.R.B. Cockett, Distributive logic, Tech. Report CS-89-01, University of Tennessee, 1989. [2] J.R.B. Cockett and T. Fukushima, About Charity, Research Report No. 92/480/18, Department of

Computer Science, University of Calgary, 1992. [3] J.R.B. Cockett and D. Spencer, Strong categorical datatypes I, in: R.A.G. Seely, ed., International

Meeting on Category Theory 1991, Canadian Mathematical Society Proceedings, Vol. 13, AMS, Montreal (1992) 141-169.

[4] J. Greiner, Programming with inductive and co-inductive types, Tech. Report CMU-CS-92-109, Carnegie Mellon University, Pittsburgh, January 1992.

[5] T. Hagino, A Categorical programming language. Ph.D. Thesis, University of Edinburgh, 1987. [6-1 T. Hagino, Codatatypes in ML, J. Symbol. Comput. 8 (1989) 629-650. [7] R. Hasegawa, Categorical data types in parametric polymorphism, Proc. 4th Asian Logic Conf.,

RIMS, 1990. [8-1 R. Hasegawa, Parametricity of extensionally collapsed term models of polymorphism and their

categorical properties, in: Theoretical Aspects of Computer Software, Lecture Notes in Computer Science, Vol. 526 (Springer, Berlin, 1991) 495-512.

[9] J. Hughes, Why functional programming matters, Comput. J. 32 (2) (1989) 98-107. [10] A. Kock, Strong functors and monoidal monads, Arch. Math. 23 (1972) 113-120. [11] H.G. Mairson, Outline of a proof theory of parametricity, in: Proc 6th lnternat. Symp. on Functional

Programming Languages and Computer Architecture (1991) 313-327. [12] G. Malcolm, Algebraic data types and program Transformation. Ph.D. Thesis, University of Gronin-

gen, 1990. [13] E. Meijer, M. Fokkinga and R. Paterson, Functional programming with bananas, lenses, envelopes

and barbed wire, in: Proc. 6th lnternat. Symp. on Functional Programming Languages and Computer Architecture, 1991.


1-14] L.C. Paulson, Co-induction and co-recursion in higher-order logic Tech. Report 304, University of Cambridge Computer Laboratory, July 1993.

[15] A.M. Pitts, A co-induction principle for recursively defined domains, Report 252, University of Cambridge Computer Laboratory, 1992.

[16] J.C. Reynolds, Types, abstraction and parametric polymorphism, in: R.E.A. Mason, ed., Information Processing 83 (North-Holland, Amsterdam, 1983) 513-523.

[17] T. Sheard and L. Fegaras, A fold for all seasons, in: Conf. Functional Programming Languages and Computer Architecture, Copenhagen (1993) 233-242.

[18] A. Stoughton, Substitution revisited, Theoret. Comput. Sci. 59 (1988) 317-325. [19] P. Wadler, Theorems for free! in: Proc. 4th Internat. Syrup. on Functional Programming Languages and

Computer Architecture, London, UK, September 1989. [20] G.C. Wraith, A Note on Categorical Datatypes, Lecture Notes in Computer Science, Vol. 389

(Springer, Berlin, 1989) 118-127.

Documents

Fundamental Study Strong categorical datatypes II: A …peter/cockett2.pdf · Fundamental Study Strong categorical ... Dwight Spencer b a Department of Computer Science, University